Adding Identity Servers
You can add third-party identity providers (IdP), such as Okta, OneLogin, and ADFS, so that users can be authenticated. SAML metadata is used to share configuration information between the Identity Provider (IdP) and the Service Provider (SP). Metadata for the IdP and the SP is defined in XML files:
- The IdP metadata XML file contains the IdP certificate, the entity ID, the redirect URL, and the logout URL. For an example, see Sample SAML IdP Metadata XML.
- The SP metadata XML file contains the SP certificate, the entity ID, the Assertion Consumer Service URL (ACS URL), and a log out URL (SingleLogoutService). For an example, see Sample SAML SP Metadata XML.
Before using SAML to log on to the Web Console or Command Center, metadata from the IdP must be uploaded and metadata from the SP must be generated. After the SP metadata is generated, it must be securely shared with the IdP. Contact the IdP for instructions on sharing the SP metadata.
Before You Begin
- Create or get an Identity Provider (IdP) metadata XML file using the SAML protocol. For SAML metadata specifications, go to the Oasis website, Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0.
For an example, see Sample SAML IdP Metadata XML.
- Create a keystore file. For information on keystore files, see Creating Certificates for SAML Integration.
- From the navigation pane, go to Security > Identity servers.
The Identity servers page appears.
- To create an identity server, click Add.
The Add SAML App dialog box appears.
- In the Application Name box, enter an application name.
- If you are an MSP administrator creating the SAML app for a company, in the Created for company box, select the company.
If you are creating the SAML app for the entire CommCell environment or if you are a tenant administrator, a company is not needed.
- Upload the IdP metadata:
- Next to the Upload IDP metadata box, click Browse.
- Browse to the location of the XML file that contains the IdP metadata, select the file, and click Open.
- Generate the SP metadata:
- Under Generate new SP metadata, next to the Upload key store file box, click Browse.
- Browse to the location of the keystore file, for example, C:\security\mykeystore.jks, select the file, and click Open.
- Enter the keystore file values for Alias name, Key Store Password, and Key Password.
- To generate the SP metadata and to save the IdP metadata, click Save.
After the SP metadata is generated, it must be securely shared with the IdP. Contact the IdP for instructions on sharing the SP metadata.
What to Do Next
After you add the Identity server, create redirect rules to automatically add users from the SAML response to a specific domain. For more information, see Automatically Creating Users.
Last modified: 10/11/2019 6:02:37 PM